Hi,
So I managed to get my NAT setup for my VMs using a SDN. To lock down the environment, I've set up Tailscale on the PVE host and I was using ufw to only allow incoming connections via the tailscale0 interface. Here's my ruleset:
Code:
$ ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                             Action      From
--                             ------      ----
Anywhere on tailscale0         ALLOW IN    Anywhere
Anywhere (v6) on tailscale0    ALLOW IN    Anywhere (v6)
With this active, my VMs cannot retrieve an IP from the SDN. When I disable ufw, the VMs can get IPs and work just fine. I did find and follow the instructions for allowing forwarding via ufw based on this article: https://gist.github.com/kimus/9315140
However, after trying a few times, this didn't work either. I've got my PVE server sitting locally right now in my home lab, but I'll be moving it to a colo soon and it will have a public IP assigned to it, which is why I'm looking at using something like Tailscale to limit access, and using UFW to enforce those restrictions. Any help/suggestions are welcome.
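The following is an added example, not part of the original post, showing the two ufw rules the ruleset above is missing. With "Default: deny (incoming)" the VM's DHCP DISCOVER, which arrives on the SDN vnet bridge as incoming traffic to the host-side dnsmasq, is dropped; with "deny (routed)" the NATed VM traffic is dropped in the FORWARD chain, which is what the linked gist is about. The interface names (vnet0 for the SDN vnet bridge, vmbr0 for the uplink) and the 10.0.0.0/24 subnet are assumptions for illustration; substitute the names from /etc/network/interfaces.d/sdn on the host. The script emits the ufw commands rather than running them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not the poster's or Proxmox's code): ufw rules that let a
# Proxmox SDN NAT zone hand out DHCP leases and forward VM traffic while the
# host itself stays reachable only over tailscale0.
# Assumed names: SDN vnet bridge "vnet0", uplink bridge "vmbr0",
# vnet subnet 10.0.0.0/24. Override via environment variables if needed.
# The rules from the original post (allow in on tailscale0, default deny
# incoming/routed) stay as they are; these are added on top.

VNET="${VNET:-vnet0}"
UPLINK="${UPLINK:-vmbr0}"
VNET_SUBNET="${VNET_SUBNET:-10.0.0.0/24}"

# Emit the ufw commands instead of executing them, so the result can be
# inspected (or asserted on) without root or ufw installed.
sdn_ufw_rules() {
    # DHCP: the DISCOVER is broadcast from 0.0.0.0 to UDP/67 on the vnet
    # bridge and counts as INPUT on the host, so "deny (incoming)" drops it.
    # Restrict by interface only; a source filter would break the broadcast.
    printf 'ufw allow in on %s proto udp to any port 67 comment "SDN DHCP"\n' "$VNET"
    # DNS: only needed if the VMs use the host-side dnsmasq as their resolver.
    printf 'ufw allow in on %s from %s to any port 53 comment "SDN DNS"\n' "$VNET" "$VNET_SUBNET"
    # Forwarding: NATed VM traffic traverses FORWARD, which "deny (routed)"
    # blocks. Allow vnet -> uplink only; ufw's built-in state rule accepts the
    # established replies, so no reverse-direction rule is needed.
    printf 'ufw route allow in on %s out on %s from %s comment "SDN NAT forward"\n' \
        "$VNET" "$UPLINK" "$VNET_SUBNET"
}

# Number of rules emitted; handy as a sanity check before applying.
sdn_ufw_rule_count() {
    sdn_ufw_rules | wc -l | tr -d ' '
}

# Print what would be applied. To apply for real: sdn_ufw_rules | sudo sh
sdn_ufw_rules
```

Two points worth checking before applying this. First, since NAT already works with ufw disabled, the MASQUERADE rule exists independently of ufw (the SDN zone installs its own), so the gist's *nat section in /etc/ufw/before.rules is not needed here; only the filter rules above are. After `ufw reload`, `ufw status verbose` should list the new route rule with an ALLOW FWD action. Second, Proxmox ships its own firewall (pve-firewall); if it is enabled on the same host, the two rule managers will each rewrite iptables and the result is unpredictable, so keep exactly one of them in charge.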